The Dukes of Hacking attack the West

Posted 17 September 2015 - 12:53 PM

A group of Russian government-backed hackers dubbed "The Dukes" have been pilfering information from a range of different sources to help inform policy in the country.

First reported by V3, the group has targeted various ministries of defense across parts of Eastern Europe, foreign affairs ministers in Asia and Africa, and political think tanks.

"The Dukes are a well-resourced, highly dedicated and organised cyber espionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision making," stated a report from F-Secure.

How it works

The attacks have a strong 'smash and grab' character and have relied on a range of 'Duke' malware variants, such as MiniDuke, CosmicDuke, OnionDuke and CozyDuke.

"The Dukes have been known to engage in campaigns with unaltered versions of tools that only days earlier have been brought to the public's attention by security companies and actively mentioned in the media," F-Secure said. "In doing so, The Dukes show unusual confidence in their ability to continue successfully compromising their targets even when their tools have been publicly exposed, as well as in their ability to operate with impunity."

Targets have so far included the ministries of defence in Georgia and Estonia, foreign affairs ministers in Turkey and Uganda, and political think tanks in the US, Europe and Central Asia.

Russia is a top threat

Russia is listed by the US as one of the top cyber threats anywhere in the world, and the latest revelations come just days after Kaspersky uncovered a campaign that used satellite connections to hack targets.

In that case the Ouroborus malware (also known as Snake or Turla) used commercial satellite links to reach hidden receiving stations in Africa and the Middle East, masking the origin of attacks against Western military and governmental networks.